Ransomware: should your company pay?
Preparing for ransomware attacks
Falling victim to a ransomware attack and being threatened with a ransom will never be an ideal situation. You will be forced to make a challenging judgment call, often under high pressure, and with limited time to decide. In situations like these, preparedness goes a long way.
Mark Harris is Senior Research Director at Gartner.
Despite the FBI and Department of Homeland Security warning companies to avoid paying ransoms, Colonial Pipeline paid hackers $4.4 million in ransom this year for a decryption tool that restored oil operations. This decision was extremely controversial, and the company’s CEO was later brought before US Congress to testify that the debilitating impact to the country’s fuel supply drove the decision.
This situation, like many others, prompts a moment of reflection: How would your organization handle a ransomware attack? Should you, and would you, pay to get your data back or restore your systems?
Choosing whether to pay the ransom is challenging, and a decision that must be made carefully at the board level, not by security and risk leaders – understanding what happens if you pay is key to making that decision.
So, what happens if you pay?
Hypothetically, if a company responds to the ransom and pays, the attackers will provide a decryption tool and renounce their threats of publishing stolen data. Unfortunately, however, payment does not guarantee that all your data will be restored – attackers may simply take their money and run. For that reason, executives must thoroughly consider the realities of ransomware, including:
The realities of ransomware
For cybercriminals, ransomware is a sustainable and lucrative business model – and it puts every organization that uses technology at risk. Rather than recovering from backups, in most cases it is easier and cheaper to simply pay the ransom. The flipside of that approach, however, is that supporting the attackers' business model will only lead to more ransomware.
Generally, law enforcement agencies advise companies not to pay, in order to discourage this kind of criminal activity. In many cases, paying a ransom to cybercriminals would be illegal, because it funds criminal activity.
Before engaging or negotiating with attackers, the best approach is to consult law enforcement, a professional incident response team, and regulatory bodies.
Prepare now
There is no way to prevent ransomware attacks from ever happening. Therefore, the best approach is to assume you will be a victim at some point and set up a viable framework and game plan to ensure a quick and effective response.
This includes running simulation scenarios and exercises for what happens when an attack occurs and how best to respond. One example of how useful these practice scenarios are came from several organizations that found it took far longer than expected to write a press release about an attack, which underlined the need to have a pre-written statement ready for these occasions.
It is also essential to reinforce backups and test restores for all essential business systems. If backups work, the cost of recovery will always be less than paying the ransom for an uncertain outcome.
Regrettably, most companies do not test restores until after they have been hit with a ransomware attack, at which point it is far too late.
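A restore test is only meaningful if it proves the restored data is complete and intact, not merely that an archive can be unpacked. The script below is an added illustration of that idea and is not code from the article or from Gartner: it backs up a directory to a tar archive together with a SHA-256 manifest, restores the archive into a scratch directory, and reports every file that is missing, unexpected, or altered. The archive and manifest names, the manifest format, and the sample files are assumptions made for this example; the `exclude` parameter simulates a backup job that silently skipped a file, which is exactly the failure a drill should surface before an incident does.

```python
"""Restore drill: back up a directory with a SHA-256 manifest, restore it to
a scratch location, and verify every file against the manifest.

Added example for the article's advice to test restores; not code from the
article or from Gartner. File names, paths and the manifest layout are
assumptions for this illustration.
"""
import hashlib
import json
import os
import tarfile
import tempfile
from pathlib import Path

MANIFEST_NAME = "MANIFEST.json"  # assumed name, stored beside the archive


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file under root (relative, '/'-separated) to its SHA-256."""
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def create_backup(source: Path, dest_dir: Path, exclude: tuple = ()) -> tuple:
    """Archive `source` into dest_dir/backup.tar.gz and write the manifest.

    The manifest is built from the live source tree, so any file the backup
    job skipped (simulated here via `exclude`) shows up as missing on restore.
    """
    archive = dest_dir / "backup.tar.gz"
    manifest_path = dest_dir / MANIFEST_NAME
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=".",
                filter=lambda ti: None if Path(ti.name).name in exclude else ti)
    manifest_path.write_text(json.dumps(build_manifest(source), indent=2))
    return archive, manifest_path


def restore_and_verify(archive: Path, manifest_path: Path) -> dict:
    """Restore into a fresh scratch directory and compare against the manifest.

    'ok' is True only when the restored tree matches the manifest exactly.
    """
    expected = json.loads(manifest_path.read_text())
    with tempfile.TemporaryDirectory() as scratch:
        scratch_path = Path(scratch)
        with tarfile.open(archive, "r:gz") as tar:
            if hasattr(tarfile, "data_filter"):
                # Reject absolute paths and '..' entries on Pythons that support it.
                tar.extractall(scratch_path, filter="data")
            else:
                tar.extractall(scratch_path)
        actual = build_manifest(scratch_path)
    missing = sorted(set(expected) - set(actual))
    unexpected = sorted(set(actual) - set(expected))
    corrupt = sorted(k for k in expected if k in actual and actual[k] != expected[k])
    return {
        "files_expected": len(expected),
        "files_restored": len(actual),
        "missing": missing,
        "unexpected": unexpected,
        "corrupt": corrupt,
        "ok": not (missing or unexpected or corrupt),
    }


def run_drill(exclude: tuple = ()) -> dict:
    """Build a small constructed sample tree, back it up, and run the drill."""
    with tempfile.TemporaryDirectory() as work:
        work_path = Path(work)
        source = work_path / "source"
        (source / "finance").mkdir(parents=True)
        # Constructed sample data, not real business records.
        (source / "finance" / "ledger.csv").write_text("date,amount\n2024-01-01,100\n")
        (source / "README.txt").write_text("constructed sample data for the drill\n")
        backups = work_path / "backups"
        backups.mkdir()
        archive, manifest = create_backup(source, backups, exclude=exclude)
        return restore_and_verify(archive, manifest)


if __name__ == "__main__":
    print("clean backup:", run_drill())
    print("incomplete backup:", run_drill(exclude=("ledger.csv",)))
```

Run against a real backup set, the same `restore_and_verify` step belongs in a scheduled job whose report is reviewed by someone, so that a restore that has quietly stopped working is noticed before an attacker forces the question of paying.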
Moreover, the better business executives understand and are aware of the risks, the better prepared they will be to make a well-founded decision and justify it in the face of scrutiny.
Approach ransomware as a business decision. If the problem is understood across the organization, and all employees are trained to deal with it, there will be less room for error if you get hit.